IT infrastructure and data storage solutions provider Dell-EMC grabbed the headlines last month with a report proclaiming that India, Japan and Thailand were among countries levying the lowest penalty on data breaches. The study was jointly conducted with market research firm International Data Corporation. Dell-EMC promotes data safety norms, and also offers solutions to prevent breaches. In a conversation with TechCircle, Alex Lei, vice-president, data protection solutions division for Asia Pacific and Japan, Dell EMC, shared his views on why data protection should be seen as a necessity, and not a mere compliance issue. Edited excerpts:
What has been the scope of business for Dell-EMC’s data protection unit in India?
The data protection market is forecasted to reach a whopping $119.95 billion by 2022 from $57.22 billion in 2017. It has become essential for businesses to relook at their data protection applications. Moreover, it has now become important to differentiate between cyber security and data protection.
In terms of working with India, we are involved with both public and private sector businesses all the way down to the consumer level. There are 3,700 independent customers and we are also involved with digital transformation initiatives. The NSE infrastructure stack is supplied by us and most of Aadhaar runs on Dell-EMC stack. Banks, such as SBI, are also our customers. My unit looks at protecting critical data and information of large corporate entities and government organisations to ensure data recovery and allow organisations to stand on its feet in the event of a data breach.
Is data protection more of a compliance issue than a necessity with Indian companies? If so, does it change the way you look to do business in India?
The viewpoint you are talking about is very common in the market and is spread across the territory.
It is also true that that any kind of service or compute is bound to be affected by a cyber-catastrophe one day and there are always chances of data being breached or lost and that makes data protection very important. These catastrophes can be affecting critical infrastructure such as banks and transport systems, among others. The questions are – how do you recover your business so that you are back on your feet again?
There has been well-publicised incidents where data and application has been corrupted and because of that organisations could not conduct their businesses. A good example of that will be the global incidents involving WannaCry and Petya ransomware. These are very sophisticated malware developed by hackers, but they have managed to impact the global industry, all the way from logistics to banking, including SMBs.
With regards to the mechanism of the data being unavailable or lost or becoming unrecoverable, the end result is the same, which is to say that despite the underlying infrastructure being present, because of data loss people cannot use services – banks may not be able to perform transactions, ships will not be able to sail and one may not be able to send emails.
How, you as an organisation, is educating Indian firms about data protection?
We have been reaching out to all kinds of organisations, including enterprise customers and governments, to help them understand the critical nature of data protections via our community outreach programmes. We also have some workshops, customer events and PR initiatives that are targeted towards the same purpose. Our core message is that data is the new oil, that is, data is critical to your business, livelihood and to your regulatory or compliance well-being. And this is why, we ask every single enterprise, SMBs, governmental agencies, to look at data critically.
How long has Dell-EMC been operating in India?
Actually, for a considerable period of time. We are the leading innovator in the space. Importantly, we have rolled out a suite of cyber recovery solutions across all customer base to help organisations protect against advanced ransomware or catastrophic data failures. This is an engineered solution that will help our customer base get back on their feet in the event of a catastrophic security breach.
How is the data protection business growing?
We announced our earnings four weeks ago. Dell-EMC has been growing in all segments across all regions and product stacks. The company has had very healthy all-time growth. In Asia Pacific and Japan, we are growing at an healthy pace as well.
The data protection unit, globally, has reported $1 billion in revenue. This is very clearly a sign that attention towards data protection is increasing and the trend indicates that this business will continue to grow. This is why Dell EMC will look to aid all organisations in exploring data volumes and meet the challenges that come along with it.
India, which is an absolutely critical market for us, represents a unique opportunity as the country is undergoing digital transformation. Look at the amount of data the country’s citizens are producing, be it on apps such as Ola, Uber, Flipkart or Amazon, or on social media. All these data will need to be protected and we expect to help organisations meet protection challenges.
The Facebook imbroglio has been a reminder of why we need data privacy laws. What is your opinion about privacy laws in India?
First of all, the recent decision of the apex court in India terming that privacy should be a right to an individual is a landmark ruling (in the Puttuswamy case). I think that was the most important first step in having data privacy rules in the country. Having said that, Asian nations, historically, have not attended to privacy as a core human right. The US fired the first shot in data privacy when a court in California ruled that the company needs to notify the consumer if their data is leaked out. That was the basic first step.
But now, with the EU’s GDPR coming to near-enforcement, we are seeing data privacy being more and more defined so that enforcement can become more stringent. GDPR, in particular, introduced a couple of concepts, which are new to many organisations. One, the role of a data protection officer, something that many organisations today do not have. Two, is notification – once you discovery that data has been lost or has become unavailable, you need to notify within 72 hours. Three, is the right to be forgotten – something that has become more important due to a direct coalition from the advancement of our search engines, social media and the all new wave of computer applications.
These are landmark rulings and are going to change how companies conduct businesses and ensure they have the ability to fulfil the requirements deemed under GDPR. You can expect privacy laws in India to be defined in the months to come.
You said there was dearth of talent when it comes to data protection officers. Does India have enough talent to meet the demand?
I think there is a dearth of talent in terms of fulfilling the responsibilities of a data protection officer anywhere in the globe today. We are a large employer in India and we are also seeing that there is critical shortage of talent here. But this is not just an India problem.
The GDPR rules have been set in such a way that a data protection officer needs to understand more than data. He needs to be able to understand governance, laws and compliance, among other things. So, this means that a whole set of advanced skills have to be concentrated on one person, ergo the shortage. You can expect the shortage to exist for some years to come.
Having said that, we also believe that India is well-positioned to meet these challenges because India has a large number of well-educated and very technical resources. India also has a strong experience and history of supplying application development and similar services to all countries around the globe. The DNA is there, we just need to train that talent pool for the required purpose.
Is Dell-EMC training its employees to fill the gap?
Every time there is a legislature of this kind, we make a collective effort in coherence with our partners, customers and governments to understand the impact of the new legislation. For example, in the case of GDPR, we have reached out to our community to help them understand that it is a global legislation and compliance is necessary from anywhere on the planet as long as the company is handling data of a EU citizen. In most of our offices we organise events and workshops to educate partners and customers.
What kind of marketing strategy are you employing in India?
Dell-EMC wants to do as much as it can and, hence, we are employing all kinds of marketing strategy, including direct sales pitches in some cases and, in others, following the channel partner approach. In India, we have renewed our focus on channel marketing. We are making sure that technology information is available for our partners and often we do joint channel events to help customers understand several important aspects, for one, the importance of compliance to GDPR.
In fact, Dell-EMC’s future strategy is very clear. We will lead the objective of digital transformation for our customers, will lead in IT transformation and workforce transformation.